
Username and password in a login link?

Posted: Fri Jan 22, 2010 8:23 am
by fluvly
I need to create a login link which includes username and password (taken from an intranet), so that when the user clicks it, he gets automatically logged in to the website, without going to the login page.

Is it safe to include the username and password in the url?

I know nothing about this, and what the most secure way of doing it is. Any help on the matter would be really welcome!

Re: Username and password in a login link?

Posted: Fri Jan 22, 2010 11:21 am
by pickle
It's pretty unsafe, for a couple of reasons:
  • If you're able to put that information on a page, that means you have access to a user's username and password in plaintext. It's generally not a good idea to store a user's password in plaintext.
  • If you're sending this information in an email, don't think it's secure. Email is extremely insecure.
  • There's no way to guarantee that only the intended audience will see the link. You don't want to allow 3rd parties to access your site as someone else.
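
The last point above in practice: a URL is written to web server access logs and can be passed to other sites in the Referer header, so a password in a login link ends up stored outside the site's control. This is an added example, not part of the original thread, that audits combined-format access log lines for such links and redacts them; the parameter names, hosts and log entries are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Parameter names treated as credentials (assumed list; extend for your app).
SENSITIVE = {"password", "passwd", "pass", "pwd"}

# Request target and Referer field of a combined-format access log entry.
LOG_RE = re.compile(
    r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def redact(url):
    """Return (redacted_url, names of credential parameters found in the query)."""
    parts = urlsplit(url)
    found, pairs = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE:
            found.append(key)
            value = "REDACTED"
        pairs.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(pairs))), found

def audit(lines):
    """Return (line number, field, redacted URL) for each credential-bearing URL."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.search(line)
        if not match:
            continue
        # The same link can leak twice: as the request itself and as a Referer.
        for field in ("target", "referer"):
            clean, found = redact(match.group(field))
            if found:
                findings.append((number, field, clean))
    return findings

# Constructed sample entries (example.test host, documentation IP addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Jan/2010:08:23:00 +0000] "GET /login.php?username=alice&password=s3cret HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [22/Jan/2010:08:23:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [22/Jan/2010:08:25:12 +0000] "GET /banner.png HTTP/1.1" 200 900 "http://intranet.example.test/login.php?username=alice&password=s3cret" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, field, url in audit(SAMPLE_LOG):
        print(f"line {number}: credentials in {field}: {url}")
```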

Re: Username and password in a login link?

Posted: Tue Jan 26, 2010 10:32 am
by kaisellgren
A password should travel over the Internet as little as possible.

If the password is known by anyone/anything else except the user, then something is not right.